Support the ongoing development of Laravel.io →
Security Requests

Hi using laravel 4.2 on an apache server

I'm trying to secure sections of my site with SSL - I'd like to serve certain pages through https and leave the rest of the site as plain http.

I've created a link to a secure page with this

<a href="{{ secure_url(URL::route('user.profile', [], false)) }}" title=""><i class="fa fa-user"></i> My Profile</a>

I've created a route with:

Route::get('user/profile', array(
'https',
'as'=>'user.profile',
'uses' => 'UserController@show'
));

This works - so happy with that.

However if I then follow a link on that page to a non secure route it continues trying to serve as https rather than http.

Is it possible to serve some pages as http and others as https? How can I then get non secure links to use http (if in an https view)

I'm confused with https - bit of a new venture for me. Most reference I can find seem to refer to serving the whole site under https which isnt quite what I want

Eventuially I want to ensure pages such as login, contact forms etc are served under https and information pages are served under http

Any references, best practice etc appreciated

Last updated 3 years ago.
0

How did you create those links to a HTTPS page? For relative links it is the normal behaviour to adopt the to the protocol of the current page.

It is indeed a good idea to serve the whole site with HTTPS, switching between HTTP and HTTPS is a tricky thing. There is for example the session id which is normally passed with a cookie. This cookie can only be sent to HTTPS pages, otherwise you expose the session id. Of course you will loose the session then. I wrote a small article about Switching between HTTP and HTTPS where i tried to explain this a bit more indepth.

Last updated 3 years ago.
0

Why not just always have HTTPS on and keep everything secure? If you have it there is no point not to.

Last updated 3 years ago.
0

I have been struggling with this problem for the last 30 minutes. The options as I see them.

1) Set everything to https

pros: everything secure, simple once setup

cons: Have to change web server to force https if it is setup to work with both (which mine is atm). Also need to generate self signed cert for local dev.

how: URL::secureAsset which is a shortcut to URL::asset('link' , true) ... this executes faster than other helpers, apparently

2) Check for secure in Router or Controller and Have multiple Views

pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it

cons: maintain multiple views

how: before view is loaded >> if (Request::secure()) then load different views

3) Check for secure in Router or Controller and pass parameter to the View

pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it

cons: Add some more code to the view?

how: before view is loaded >> if (Request::secure()) then pass true/false to view. must use URL::asset('link' , true) obviously.

Think I am going with #3 :)

Last updated 10 years ago.
0

Hi, I have also problems with using HTTPS urls. I want to put a couple of views under SSL... like this example

Route::get('test', array( 'https', function() { return View::make('test'); } ));

And my link: <a href="{{ secure_url('test', $parameters = array()) }}" title="">test</a>

I made a route like above in routes.php and I made the view 'test' in my folder 'views', but I got a error (403 - forbidden)..

I'm working on a shared server (Apache) and outside Laravel I use a folder called 'private_html' where I put secure html or php files into. I have Laravel installed at the root (above this 'private_html' folder).. Anyone a solution of what I have to do to let this work?

with regards, Gerard

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.